Loading...
1/*
2 * This program is free software; you can distribute it and/or modify it
3 * under the terms of the GNU General Public License (Version 2) as
4 * published by the Free Software Foundation.
5 *
6 * This program is distributed in the hope it will be useful, but WITHOUT
7 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
8 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
9 * for more details.
10 *
11 * You should have received a copy of the GNU General Public License along
12 * with this program; if not, write to the Free Software Foundation, Inc.,
13 * 59 Temple Place - Suite 330, Boston MA 02111-1307, USA.
14 *
15 * Copyright (C) Hans Alblas PE1AYX <hans@esrac.ele.tue.nl>
16 * Copyright (C) 2004, 05 Ralf Baechle DL5RB <ralf@linux-mips.org>
17 * Copyright (C) 2004, 05 Thomas Osterried DL9SAU <thomas@x-berg.in-berlin.de>
18 */
19#include <linux/module.h>
20#include <asm/system.h>
21#include <linux/bitops.h>
22#include <asm/uaccess.h>
23#include <linux/crc16.h>
24#include <linux/string.h>
25#include <linux/mm.h>
26#include <linux/interrupt.h>
27#include <linux/in.h>
28#include <linux/inet.h>
29#include <linux/slab.h>
30#include <linux/tty.h>
31#include <linux/errno.h>
32#include <linux/netdevice.h>
33#include <linux/major.h>
34#include <linux/init.h>
35#include <linux/rtnetlink.h>
36#include <linux/etherdevice.h>
37#include <linux/skbuff.h>
38#include <linux/if_arp.h>
39#include <linux/jiffies.h>
40#include <linux/compat.h>
41
42#include <net/ax25.h>
43
44#define AX_MTU 236
45
46/* SLIP/KISS protocol characters. */
47#define END 0300 /* indicates end of frame */
48#define ESC 0333 /* indicates byte stuffing */
49#define ESC_END 0334 /* ESC ESC_END means END 'data' */
50#define ESC_ESC 0335 /* ESC ESC_ESC means ESC 'data' */
51
52struct mkiss {
53 struct tty_struct *tty; /* ptr to TTY structure */
54 struct net_device *dev; /* easy for intr handling */
55
56 /* These are pointers to the malloc()ed frame buffers. */
57 spinlock_t buflock;/* lock for rbuf and xbuf */
58 unsigned char *rbuff; /* receiver buffer */
59 int rcount; /* received chars counter */
60 unsigned char *xbuff; /* transmitter buffer */
61 unsigned char *xhead; /* pointer to next byte to XMIT */
62 int xleft; /* bytes left in XMIT queue */
63
64 /* Detailed SLIP statistics. */
65 int mtu; /* Our mtu (to spot changes!) */
66 int buffsize; /* Max buffers sizes */
67
68 unsigned long flags; /* Flag values/ mode etc */
69 /* long req'd: used by set_bit --RR */
70#define AXF_INUSE 0 /* Channel in use */
71#define AXF_ESCAPE 1 /* ESC received */
72#define AXF_ERROR 2 /* Parity, etc. error */
73#define AXF_KEEPTEST 3 /* Keepalive test flag */
74#define AXF_OUTWAIT 4 /* is outpacket was flag */
75
76 int mode;
77 int crcmode; /* MW: for FlexNet, SMACK etc. */
78 int crcauto; /* CRC auto mode */
79
80#define CRC_MODE_NONE 0
81#define CRC_MODE_FLEX 1
82#define CRC_MODE_SMACK 2
83#define CRC_MODE_FLEX_TEST 3
84#define CRC_MODE_SMACK_TEST 4
85
86 atomic_t refcnt;
87 struct semaphore dead_sem;
88};
89
90/*---------------------------------------------------------------------------*/
91
92static const unsigned short crc_flex_table[] = {
93 0x0f87, 0x1e0e, 0x2c95, 0x3d1c, 0x49a3, 0x582a, 0x6ab1, 0x7b38,
94 0x83cf, 0x9246, 0xa0dd, 0xb154, 0xc5eb, 0xd462, 0xe6f9, 0xf770,
95 0x1f06, 0x0e8f, 0x3c14, 0x2d9d, 0x5922, 0x48ab, 0x7a30, 0x6bb9,
96 0x934e, 0x82c7, 0xb05c, 0xa1d5, 0xd56a, 0xc4e3, 0xf678, 0xe7f1,
97 0x2e85, 0x3f0c, 0x0d97, 0x1c1e, 0x68a1, 0x7928, 0x4bb3, 0x5a3a,
98 0xa2cd, 0xb344, 0x81df, 0x9056, 0xe4e9, 0xf560, 0xc7fb, 0xd672,
99 0x3e04, 0x2f8d, 0x1d16, 0x0c9f, 0x7820, 0x69a9, 0x5b32, 0x4abb,
100 0xb24c, 0xa3c5, 0x915e, 0x80d7, 0xf468, 0xe5e1, 0xd77a, 0xc6f3,
101 0x4d83, 0x5c0a, 0x6e91, 0x7f18, 0x0ba7, 0x1a2e, 0x28b5, 0x393c,
102 0xc1cb, 0xd042, 0xe2d9, 0xf350, 0x87ef, 0x9666, 0xa4fd, 0xb574,
103 0x5d02, 0x4c8b, 0x7e10, 0x6f99, 0x1b26, 0x0aaf, 0x3834, 0x29bd,
104 0xd14a, 0xc0c3, 0xf258, 0xe3d1, 0x976e, 0x86e7, 0xb47c, 0xa5f5,
105 0x6c81, 0x7d08, 0x4f93, 0x5e1a, 0x2aa5, 0x3b2c, 0x09b7, 0x183e,
106 0xe0c9, 0xf140, 0xc3db, 0xd252, 0xa6ed, 0xb764, 0x85ff, 0x9476,
107 0x7c00, 0x6d89, 0x5f12, 0x4e9b, 0x3a24, 0x2bad, 0x1936, 0x08bf,
108 0xf048, 0xe1c1, 0xd35a, 0xc2d3, 0xb66c, 0xa7e5, 0x957e, 0x84f7,
109 0x8b8f, 0x9a06, 0xa89d, 0xb914, 0xcdab, 0xdc22, 0xeeb9, 0xff30,
110 0x07c7, 0x164e, 0x24d5, 0x355c, 0x41e3, 0x506a, 0x62f1, 0x7378,
111 0x9b0e, 0x8a87, 0xb81c, 0xa995, 0xdd2a, 0xcca3, 0xfe38, 0xefb1,
112 0x1746, 0x06cf, 0x3454, 0x25dd, 0x5162, 0x40eb, 0x7270, 0x63f9,
113 0xaa8d, 0xbb04, 0x899f, 0x9816, 0xeca9, 0xfd20, 0xcfbb, 0xde32,
114 0x26c5, 0x374c, 0x05d7, 0x145e, 0x60e1, 0x7168, 0x43f3, 0x527a,
115 0xba0c, 0xab85, 0x991e, 0x8897, 0xfc28, 0xeda1, 0xdf3a, 0xceb3,
116 0x3644, 0x27cd, 0x1556, 0x04df, 0x7060, 0x61e9, 0x5372, 0x42fb,
117 0xc98b, 0xd802, 0xea99, 0xfb10, 0x8faf, 0x9e26, 0xacbd, 0xbd34,
118 0x45c3, 0x544a, 0x66d1, 0x7758, 0x03e7, 0x126e, 0x20f5, 0x317c,
119 0xd90a, 0xc883, 0xfa18, 0xeb91, 0x9f2e, 0x8ea7, 0xbc3c, 0xadb5,
120 0x5542, 0x44cb, 0x7650, 0x67d9, 0x1366, 0x02ef, 0x3074, 0x21fd,
121 0xe889, 0xf900, 0xcb9b, 0xda12, 0xaead, 0xbf24, 0x8dbf, 0x9c36,
122 0x64c1, 0x7548, 0x47d3, 0x565a, 0x22e5, 0x336c, 0x01f7, 0x107e,
123 0xf808, 0xe981, 0xdb1a, 0xca93, 0xbe2c, 0xafa5, 0x9d3e, 0x8cb7,
124 0x7440, 0x65c9, 0x5752, 0x46db, 0x3264, 0x23ed, 0x1176, 0x00ff
125};
126
127static unsigned short calc_crc_flex(unsigned char *cp, int size)
128{
129 unsigned short crc = 0xffff;
130
131 while (size--)
132 crc = (crc << 8) ^ crc_flex_table[((crc >> 8) ^ *cp++) & 0xff];
133
134 return crc;
135}
136
137static int check_crc_flex(unsigned char *cp, int size)
138{
139 unsigned short crc = 0xffff;
140
141 if (size < 3)
142 return -1;
143
144 while (size--)
145 crc = (crc << 8) ^ crc_flex_table[((crc >> 8) ^ *cp++) & 0xff];
146
147 if ((crc & 0xffff) != 0x7070)
148 return -1;
149
150 return 0;
151}
152
153static int check_crc_16(unsigned char *cp, int size)
154{
155 unsigned short crc = 0x0000;
156
157 if (size < 3)
158 return -1;
159
160 crc = crc16(0, cp, size);
161
162 if (crc != 0x0000)
163 return -1;
164
165 return 0;
166}
167
168/*
169 * Standard encapsulation
170 */
171
172static int kiss_esc(unsigned char *s, unsigned char *d, int len)
173{
174 unsigned char *ptr = d;
175 unsigned char c;
176
177 /*
178 * Send an initial END character to flush out any data that may have
179 * accumulated in the receiver due to line noise.
180 */
181
182 *ptr++ = END;
183
184 while (len-- > 0) {
185 switch (c = *s++) {
186 case END:
187 *ptr++ = ESC;
188 *ptr++ = ESC_END;
189 break;
190 case ESC:
191 *ptr++ = ESC;
192 *ptr++ = ESC_ESC;
193 break;
194 default:
195 *ptr++ = c;
196 break;
197 }
198 }
199
200 *ptr++ = END;
201
202 return ptr - d;
203}
204
205/*
206 * MW:
207 * OK its ugly, but tell me a better solution without copying the
208 * packet to a temporary buffer :-)
209 */
210static int kiss_esc_crc(unsigned char *s, unsigned char *d, unsigned short crc,
211 int len)
212{
213 unsigned char *ptr = d;
214 unsigned char c=0;
215
216 *ptr++ = END;
217 while (len > 0) {
218 if (len > 2)
219 c = *s++;
220 else if (len > 1)
221 c = crc >> 8;
222 else if (len > 0)
223 c = crc & 0xff;
224
225 len--;
226
227 switch (c) {
228 case END:
229 *ptr++ = ESC;
230 *ptr++ = ESC_END;
231 break;
232 case ESC:
233 *ptr++ = ESC;
234 *ptr++ = ESC_ESC;
235 break;
236 default:
237 *ptr++ = c;
238 break;
239 }
240 }
241 *ptr++ = END;
242
243 return ptr - d;
244}
245
246/* Send one completely decapsulated AX.25 packet to the AX.25 layer. */
247static void ax_bump(struct mkiss *ax)
248{
249 struct sk_buff *skb;
250 int count;
251
252 spin_lock_bh(&ax->buflock);
253 if (ax->rbuff[0] > 0x0f) {
254 if (ax->rbuff[0] & 0x80) {
255 if (check_crc_16(ax->rbuff, ax->rcount) < 0) {
256 ax->dev->stats.rx_errors++;
257 spin_unlock_bh(&ax->buflock);
258
259 return;
260 }
261 if (ax->crcmode != CRC_MODE_SMACK && ax->crcauto) {
262 printk(KERN_INFO
263 "mkiss: %s: Switching to crc-smack\n",
264 ax->dev->name);
265 ax->crcmode = CRC_MODE_SMACK;
266 }
267 ax->rcount -= 2;
268 *ax->rbuff &= ~0x80;
269 } else if (ax->rbuff[0] & 0x20) {
270 if (check_crc_flex(ax->rbuff, ax->rcount) < 0) {
271 ax->dev->stats.rx_errors++;
272 spin_unlock_bh(&ax->buflock);
273 return;
274 }
275 if (ax->crcmode != CRC_MODE_FLEX && ax->crcauto) {
276 printk(KERN_INFO
277 "mkiss: %s: Switching to crc-flexnet\n",
278 ax->dev->name);
279 ax->crcmode = CRC_MODE_FLEX;
280 }
281 ax->rcount -= 2;
282
283 /*
284 * dl9sau bugfix: the trailling two bytes flexnet crc
285 * will not be passed to the kernel. thus we have to
286 * correct the kissparm signature, because it indicates
287 * a crc but there's none
288 */
289 *ax->rbuff &= ~0x20;
290 }
291 }
292
293 count = ax->rcount;
294
295 if ((skb = dev_alloc_skb(count)) == NULL) {
296 printk(KERN_ERR "mkiss: %s: memory squeeze, dropping packet.\n",
297 ax->dev->name);
298 ax->dev->stats.rx_dropped++;
299 spin_unlock_bh(&ax->buflock);
300 return;
301 }
302
303 memcpy(skb_put(skb,count), ax->rbuff, count);
304 skb->protocol = ax25_type_trans(skb, ax->dev);
305 netif_rx(skb);
306 ax->dev->stats.rx_packets++;
307 ax->dev->stats.rx_bytes += count;
308 spin_unlock_bh(&ax->buflock);
309}
310
311static void kiss_unesc(struct mkiss *ax, unsigned char s)
312{
313 switch (s) {
314 case END:
315 /* drop keeptest bit = VSV */
316 if (test_bit(AXF_KEEPTEST, &ax->flags))
317 clear_bit(AXF_KEEPTEST, &ax->flags);
318
319 if (!test_and_clear_bit(AXF_ERROR, &ax->flags) && (ax->rcount > 2))
320 ax_bump(ax);
321
322 clear_bit(AXF_ESCAPE, &ax->flags);
323 ax->rcount = 0;
324 return;
325
326 case ESC:
327 set_bit(AXF_ESCAPE, &ax->flags);
328 return;
329 case ESC_ESC:
330 if (test_and_clear_bit(AXF_ESCAPE, &ax->flags))
331 s = ESC;
332 break;
333 case ESC_END:
334 if (test_and_clear_bit(AXF_ESCAPE, &ax->flags))
335 s = END;
336 break;
337 }
338
339 spin_lock_bh(&ax->buflock);
340 if (!test_bit(AXF_ERROR, &ax->flags)) {
341 if (ax->rcount < ax->buffsize) {
342 ax->rbuff[ax->rcount++] = s;
343 spin_unlock_bh(&ax->buflock);
344 return;
345 }
346
347 ax->dev->stats.rx_over_errors++;
348 set_bit(AXF_ERROR, &ax->flags);
349 }
350 spin_unlock_bh(&ax->buflock);
351}
352
353static int ax_set_mac_address(struct net_device *dev, void *addr)
354{
355 struct sockaddr_ax25 *sa = addr;
356
357 netif_tx_lock_bh(dev);
358 netif_addr_lock(dev);
359 memcpy(dev->dev_addr, &sa->sax25_call, AX25_ADDR_LEN);
360 netif_addr_unlock(dev);
361 netif_tx_unlock_bh(dev);
362
363 return 0;
364}
365
366/*---------------------------------------------------------------------------*/
367
368static void ax_changedmtu(struct mkiss *ax)
369{
370 struct net_device *dev = ax->dev;
371 unsigned char *xbuff, *rbuff, *oxbuff, *orbuff;
372 int len;
373
374 len = dev->mtu * 2;
375
376 /*
377 * allow for arrival of larger UDP packets, even if we say not to
378 * also fixes a bug in which SunOS sends 512-byte packets even with
379 * an MSS of 128
380 */
381 if (len < 576 * 2)
382 len = 576 * 2;
383
384 xbuff = kmalloc(len + 4, GFP_ATOMIC);
385 rbuff = kmalloc(len + 4, GFP_ATOMIC);
386
387 if (xbuff == NULL || rbuff == NULL) {
388 printk(KERN_ERR "mkiss: %s: unable to grow ax25 buffers, "
389 "MTU change cancelled.\n",
390 ax->dev->name);
391 dev->mtu = ax->mtu;
392 kfree(xbuff);
393 kfree(rbuff);
394 return;
395 }
396
397 spin_lock_bh(&ax->buflock);
398
399 oxbuff = ax->xbuff;
400 ax->xbuff = xbuff;
401 orbuff = ax->rbuff;
402 ax->rbuff = rbuff;
403
404 if (ax->xleft) {
405 if (ax->xleft <= len) {
406 memcpy(ax->xbuff, ax->xhead, ax->xleft);
407 } else {
408 ax->xleft = 0;
409 dev->stats.tx_dropped++;
410 }
411 }
412
413 ax->xhead = ax->xbuff;
414
415 if (ax->rcount) {
416 if (ax->rcount <= len) {
417 memcpy(ax->rbuff, orbuff, ax->rcount);
418 } else {
419 ax->rcount = 0;
420 dev->stats.rx_over_errors++;
421 set_bit(AXF_ERROR, &ax->flags);
422 }
423 }
424
425 ax->mtu = dev->mtu + 73;
426 ax->buffsize = len;
427
428 spin_unlock_bh(&ax->buflock);
429
430 kfree(oxbuff);
431 kfree(orbuff);
432}
433
434/* Encapsulate one AX.25 packet and stuff into a TTY queue. */
435static void ax_encaps(struct net_device *dev, unsigned char *icp, int len)
436{
437 struct mkiss *ax = netdev_priv(dev);
438 unsigned char *p;
439 int actual, count;
440
441 if (ax->mtu != ax->dev->mtu + 73) /* Someone has been ifconfigging */
442 ax_changedmtu(ax);
443
444 if (len > ax->mtu) { /* Sigh, shouldn't occur BUT ... */
445 len = ax->mtu;
446 printk(KERN_ERR "mkiss: %s: truncating oversized transmit packet!\n", ax->dev->name);
447 dev->stats.tx_dropped++;
448 netif_start_queue(dev);
449 return;
450 }
451
452 p = icp;
453
454 spin_lock_bh(&ax->buflock);
455 if ((*p & 0x0f) != 0) {
456 /* Configuration Command (kissparms(1).
457 * Protocol spec says: never append CRC.
458 * This fixes a very old bug in the linux
459 * kiss driver. -- dl9sau */
460 switch (*p & 0xff) {
461 case 0x85:
462 /* command from userspace especially for us,
463 * not for delivery to the tnc */
464 if (len > 1) {
465 int cmd = (p[1] & 0xff);
466 switch(cmd) {
467 case 3:
468 ax->crcmode = CRC_MODE_SMACK;
469 break;
470 case 2:
471 ax->crcmode = CRC_MODE_FLEX;
472 break;
473 case 1:
474 ax->crcmode = CRC_MODE_NONE;
475 break;
476 case 0:
477 default:
478 ax->crcmode = CRC_MODE_SMACK_TEST;
479 cmd = 0;
480 }
481 ax->crcauto = (cmd ? 0 : 1);
482 printk(KERN_INFO "mkiss: %s: crc mode %s %d\n", ax->dev->name, (len) ? "set to" : "is", cmd);
483 }
484 spin_unlock_bh(&ax->buflock);
485 netif_start_queue(dev);
486
487 return;
488 default:
489 count = kiss_esc(p, (unsigned char *)ax->xbuff, len);
490 }
491 } else {
492 unsigned short crc;
493 switch (ax->crcmode) {
494 case CRC_MODE_SMACK_TEST:
495 ax->crcmode = CRC_MODE_FLEX_TEST;
496 printk(KERN_INFO "mkiss: %s: Trying crc-smack\n", ax->dev->name);
497 // fall through
498 case CRC_MODE_SMACK:
499 *p |= 0x80;
500 crc = swab16(crc16(0, p, len));
501 count = kiss_esc_crc(p, (unsigned char *)ax->xbuff, crc, len+2);
502 break;
503 case CRC_MODE_FLEX_TEST:
504 ax->crcmode = CRC_MODE_NONE;
505 printk(KERN_INFO "mkiss: %s: Trying crc-flexnet\n", ax->dev->name);
506 // fall through
507 case CRC_MODE_FLEX:
508 *p |= 0x20;
509 crc = calc_crc_flex(p, len);
510 count = kiss_esc_crc(p, (unsigned char *)ax->xbuff, crc, len+2);
511 break;
512
513 default:
514 count = kiss_esc(p, (unsigned char *)ax->xbuff, len);
515 }
516 }
517 spin_unlock_bh(&ax->buflock);
518
519 set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
520 actual = ax->tty->ops->write(ax->tty, ax->xbuff, count);
521 dev->stats.tx_packets++;
522 dev->stats.tx_bytes += actual;
523
524 ax->dev->trans_start = jiffies;
525 ax->xleft = count - actual;
526 ax->xhead = ax->xbuff + actual;
527}
528
529/* Encapsulate an AX.25 packet and kick it into a TTY queue. */
530static netdev_tx_t ax_xmit(struct sk_buff *skb, struct net_device *dev)
531{
532 struct mkiss *ax = netdev_priv(dev);
533
534 if (!netif_running(dev)) {
535 printk(KERN_ERR "mkiss: %s: xmit call when iface is down\n", dev->name);
536 return NETDEV_TX_BUSY;
537 }
538
539 if (netif_queue_stopped(dev)) {
540 /*
541 * May be we must check transmitter timeout here ?
542 * 14 Oct 1994 Dmitry Gorodchanin.
543 */
544 if (time_before(jiffies, dev->trans_start + 20 * HZ)) {
545 /* 20 sec timeout not reached */
546 return NETDEV_TX_BUSY;
547 }
548
549 printk(KERN_ERR "mkiss: %s: transmit timed out, %s?\n", dev->name,
550 (tty_chars_in_buffer(ax->tty) || ax->xleft) ?
551 "bad line quality" : "driver error");
552
553 ax->xleft = 0;
554 clear_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
555 netif_start_queue(dev);
556 }
557
558 /* We were not busy, so we are now... :-) */
559 if (skb != NULL) {
560 netif_stop_queue(dev);
561 ax_encaps(dev, skb->data, skb->len);
562 kfree_skb(skb);
563 }
564
565 return NETDEV_TX_OK;
566}
567
568static int ax_open_dev(struct net_device *dev)
569{
570 struct mkiss *ax = netdev_priv(dev);
571
572 if (ax->tty == NULL)
573 return -ENODEV;
574
575 return 0;
576}
577
578#if defined(CONFIG_AX25) || defined(CONFIG_AX25_MODULE)
579
580/* Return the frame type ID */
581static int ax_header(struct sk_buff *skb, struct net_device *dev,
582 unsigned short type, const void *daddr,
583 const void *saddr, unsigned len)
584{
585#ifdef CONFIG_INET
586 if (type != ETH_P_AX25)
587 return ax25_hard_header(skb, dev, type, daddr, saddr, len);
588#endif
589 return 0;
590}
591
592
593static int ax_rebuild_header(struct sk_buff *skb)
594{
595#ifdef CONFIG_INET
596 return ax25_rebuild_header(skb);
597#else
598 return 0;
599#endif
600}
601
602#endif /* CONFIG_{AX25,AX25_MODULE} */
603
604/* Open the low-level part of the AX25 channel. Easy! */
605static int ax_open(struct net_device *dev)
606{
607 struct mkiss *ax = netdev_priv(dev);
608 unsigned long len;
609
610 if (ax->tty == NULL)
611 return -ENODEV;
612
613 /*
614 * Allocate the frame buffers:
615 *
616 * rbuff Receive buffer.
617 * xbuff Transmit buffer.
618 */
619 len = dev->mtu * 2;
620
621 /*
622 * allow for arrival of larger UDP packets, even if we say not to
623 * also fixes a bug in which SunOS sends 512-byte packets even with
624 * an MSS of 128
625 */
626 if (len < 576 * 2)
627 len = 576 * 2;
628
629 if ((ax->rbuff = kmalloc(len + 4, GFP_KERNEL)) == NULL)
630 goto norbuff;
631
632 if ((ax->xbuff = kmalloc(len + 4, GFP_KERNEL)) == NULL)
633 goto noxbuff;
634
635 ax->mtu = dev->mtu + 73;
636 ax->buffsize = len;
637 ax->rcount = 0;
638 ax->xleft = 0;
639
640 ax->flags &= (1 << AXF_INUSE); /* Clear ESCAPE & ERROR flags */
641
642 spin_lock_init(&ax->buflock);
643
644 return 0;
645
646noxbuff:
647 kfree(ax->rbuff);
648
649norbuff:
650 return -ENOMEM;
651}
652
653
654/* Close the low-level part of the AX25 channel. Easy! */
655static int ax_close(struct net_device *dev)
656{
657 struct mkiss *ax = netdev_priv(dev);
658
659 if (ax->tty)
660 clear_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
661
662 netif_stop_queue(dev);
663
664 return 0;
665}
666
667static const struct header_ops ax_header_ops = {
668 .create = ax_header,
669 .rebuild = ax_rebuild_header,
670};
671
672static const struct net_device_ops ax_netdev_ops = {
673 .ndo_open = ax_open_dev,
674 .ndo_stop = ax_close,
675 .ndo_start_xmit = ax_xmit,
676 .ndo_set_mac_address = ax_set_mac_address,
677};
678
679static void ax_setup(struct net_device *dev)
680{
681 /* Finish setting up the DEVICE info. */
682 dev->mtu = AX_MTU;
683 dev->hard_header_len = 0;
684 dev->addr_len = 0;
685 dev->type = ARPHRD_AX25;
686 dev->tx_queue_len = 10;
687 dev->header_ops = &ax_header_ops;
688 dev->netdev_ops = &ax_netdev_ops;
689
690
691 memcpy(dev->broadcast, &ax25_bcast, AX25_ADDR_LEN);
692 memcpy(dev->dev_addr, &ax25_defaddr, AX25_ADDR_LEN);
693
694 dev->flags = IFF_BROADCAST | IFF_MULTICAST;
695}
696
697/*
698 * We have a potential race on dereferencing tty->disc_data, because the tty
699 * layer provides no locking at all - thus one cpu could be running
700 * sixpack_receive_buf while another calls sixpack_close, which zeroes
701 * tty->disc_data and frees the memory that sixpack_receive_buf is using. The
702 * best way to fix this is to use a rwlock in the tty struct, but for now we
703 * use a single global rwlock for all ttys in ppp line discipline.
704 */
705static DEFINE_RWLOCK(disc_data_lock);
706
707static struct mkiss *mkiss_get(struct tty_struct *tty)
708{
709 struct mkiss *ax;
710
711 read_lock(&disc_data_lock);
712 ax = tty->disc_data;
713 if (ax)
714 atomic_inc(&ax->refcnt);
715 read_unlock(&disc_data_lock);
716
717 return ax;
718}
719
720static void mkiss_put(struct mkiss *ax)
721{
722 if (atomic_dec_and_test(&ax->refcnt))
723 up(&ax->dead_sem);
724}
725
726static int crc_force = 0; /* Can be overridden with insmod */
727
728static int mkiss_open(struct tty_struct *tty)
729{
730 struct net_device *dev;
731 struct mkiss *ax;
732 int err;
733
734 if (!capable(CAP_NET_ADMIN))
735 return -EPERM;
736 if (tty->ops->write == NULL)
737 return -EOPNOTSUPP;
738
739 dev = alloc_netdev(sizeof(struct mkiss), "ax%d", ax_setup);
740 if (!dev) {
741 err = -ENOMEM;
742 goto out;
743 }
744
745 ax = netdev_priv(dev);
746 ax->dev = dev;
747
748 spin_lock_init(&ax->buflock);
749 atomic_set(&ax->refcnt, 1);
750 sema_init(&ax->dead_sem, 0);
751
752 ax->tty = tty;
753 tty->disc_data = ax;
754 tty->receive_room = 65535;
755
756 tty_driver_flush_buffer(tty);
757
758 /* Restore default settings */
759 dev->type = ARPHRD_AX25;
760
761 /* Perform the low-level AX25 initialization. */
762 if ((err = ax_open(ax->dev))) {
763 goto out_free_netdev;
764 }
765
766 if (register_netdev(dev))
767 goto out_free_buffers;
768
769 /* after register_netdev() - because else printk smashes the kernel */
770 switch (crc_force) {
771 case 3:
772 ax->crcmode = CRC_MODE_SMACK;
773 printk(KERN_INFO "mkiss: %s: crc mode smack forced.\n",
774 ax->dev->name);
775 break;
776 case 2:
777 ax->crcmode = CRC_MODE_FLEX;
778 printk(KERN_INFO "mkiss: %s: crc mode flexnet forced.\n",
779 ax->dev->name);
780 break;
781 case 1:
782 ax->crcmode = CRC_MODE_NONE;
783 printk(KERN_INFO "mkiss: %s: crc mode disabled.\n",
784 ax->dev->name);
785 break;
786 case 0:
787 /* fall through */
788 default:
789 crc_force = 0;
790 printk(KERN_INFO "mkiss: %s: crc mode is auto.\n",
791 ax->dev->name);
792 ax->crcmode = CRC_MODE_SMACK_TEST;
793 }
794 ax->crcauto = (crc_force ? 0 : 1);
795
796 netif_start_queue(dev);
797
798 /* Done. We have linked the TTY line to a channel. */
799 return 0;
800
801out_free_buffers:
802 kfree(ax->rbuff);
803 kfree(ax->xbuff);
804
805out_free_netdev:
806 free_netdev(dev);
807
808out:
809 return err;
810}
811
812static void mkiss_close(struct tty_struct *tty)
813{
814 struct mkiss *ax;
815
816 write_lock_bh(&disc_data_lock);
817 ax = tty->disc_data;
818 tty->disc_data = NULL;
819 write_unlock_bh(&disc_data_lock);
820
821 if (!ax)
822 return;
823
824 /*
825 * We have now ensured that nobody can start using ap from now on, but
826 * we have to wait for all existing users to finish.
827 */
828 if (!atomic_dec_and_test(&ax->refcnt))
829 down(&ax->dead_sem);
830
831 unregister_netdev(ax->dev);
832
833 /* Free all AX25 frame buffers. */
834 kfree(ax->rbuff);
835 kfree(ax->xbuff);
836
837 ax->tty = NULL;
838}
839
840/* Perform I/O control on an active ax25 channel. */
841static int mkiss_ioctl(struct tty_struct *tty, struct file *file,
842 unsigned int cmd, unsigned long arg)
843{
844 struct mkiss *ax = mkiss_get(tty);
845 struct net_device *dev;
846 unsigned int tmp, err;
847
848 /* First make sure we're connected. */
849 if (ax == NULL)
850 return -ENXIO;
851 dev = ax->dev;
852
853 switch (cmd) {
854 case SIOCGIFNAME:
855 err = copy_to_user((void __user *) arg, ax->dev->name,
856 strlen(ax->dev->name) + 1) ? -EFAULT : 0;
857 break;
858
859 case SIOCGIFENCAP:
860 err = put_user(4, (int __user *) arg);
861 break;
862
863 case SIOCSIFENCAP:
864 if (get_user(tmp, (int __user *) arg)) {
865 err = -EFAULT;
866 break;
867 }
868
869 ax->mode = tmp;
870 dev->addr_len = AX25_ADDR_LEN;
871 dev->hard_header_len = AX25_KISS_HEADER_LEN +
872 AX25_MAX_HEADER_LEN + 3;
873 dev->type = ARPHRD_AX25;
874
875 err = 0;
876 break;
877
878 case SIOCSIFHWADDR: {
879 char addr[AX25_ADDR_LEN];
880
881 if (copy_from_user(&addr,
882 (void __user *) arg, AX25_ADDR_LEN)) {
883 err = -EFAULT;
884 break;
885 }
886
887 netif_tx_lock_bh(dev);
888 memcpy(dev->dev_addr, addr, AX25_ADDR_LEN);
889 netif_tx_unlock_bh(dev);
890
891 err = 0;
892 break;
893 }
894 default:
895 err = -ENOIOCTLCMD;
896 }
897
898 mkiss_put(ax);
899
900 return err;
901}
902
903#ifdef CONFIG_COMPAT
904static long mkiss_compat_ioctl(struct tty_struct *tty, struct file *file,
905 unsigned int cmd, unsigned long arg)
906{
907 switch (cmd) {
908 case SIOCGIFNAME:
909 case SIOCGIFENCAP:
910 case SIOCSIFENCAP:
911 case SIOCSIFHWADDR:
912 return mkiss_ioctl(tty, file, cmd,
913 (unsigned long)compat_ptr(arg));
914 }
915
916 return -ENOIOCTLCMD;
917}
918#endif
919
920/*
921 * Handle the 'receiver data ready' interrupt.
922 * This function is called by the 'tty_io' module in the kernel when
923 * a block of data has been received, which can now be decapsulated
924 * and sent on to the AX.25 layer for further processing.
925 */
926static void mkiss_receive_buf(struct tty_struct *tty, const unsigned char *cp,
927 char *fp, int count)
928{
929 struct mkiss *ax = mkiss_get(tty);
930
931 if (!ax)
932 return;
933
934 /*
935 * Argh! mtu change time! - costs us the packet part received
936 * at the change
937 */
938 if (ax->mtu != ax->dev->mtu + 73)
939 ax_changedmtu(ax);
940
941 /* Read the characters out of the buffer */
942 while (count--) {
943 if (fp != NULL && *fp++) {
944 if (!test_and_set_bit(AXF_ERROR, &ax->flags))
945 ax->dev->stats.rx_errors++;
946 cp++;
947 continue;
948 }
949
950 kiss_unesc(ax, *cp++);
951 }
952
953 mkiss_put(ax);
954 tty_unthrottle(tty);
955}
956
957/*
958 * Called by the driver when there's room for more data. If we have
959 * more packets to send, we send them here.
960 */
961static void mkiss_write_wakeup(struct tty_struct *tty)
962{
963 struct mkiss *ax = mkiss_get(tty);
964 int actual;
965
966 if (!ax)
967 return;
968
969 if (ax->xleft <= 0) {
970 /* Now serial buffer is almost free & we can start
971 * transmission of another packet
972 */
973 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
974
975 netif_wake_queue(ax->dev);
976 goto out;
977 }
978
979 actual = tty->ops->write(tty, ax->xhead, ax->xleft);
980 ax->xleft -= actual;
981 ax->xhead += actual;
982
983out:
984 mkiss_put(ax);
985}
986
987static struct tty_ldisc_ops ax_ldisc = {
988 .owner = THIS_MODULE,
989 .magic = TTY_LDISC_MAGIC,
990 .name = "mkiss",
991 .open = mkiss_open,
992 .close = mkiss_close,
993 .ioctl = mkiss_ioctl,
994#ifdef CONFIG_COMPAT
995 .compat_ioctl = mkiss_compat_ioctl,
996#endif
997 .receive_buf = mkiss_receive_buf,
998 .write_wakeup = mkiss_write_wakeup
999};
1000
1001static const char banner[] __initdata = KERN_INFO \
1002 "mkiss: AX.25 Multikiss, Hans Albas PE1AYX\n";
1003static const char msg_regfail[] __initdata = KERN_ERR \
1004 "mkiss: can't register line discipline (err = %d)\n";
1005
1006static int __init mkiss_init_driver(void)
1007{
1008 int status;
1009
1010 printk(banner);
1011
1012 status = tty_register_ldisc(N_AX25, &ax_ldisc);
1013 if (status != 0)
1014 printk(msg_regfail, status);
1015
1016 return status;
1017}
1018
1019static const char msg_unregfail[] __exitdata = KERN_ERR \
1020 "mkiss: can't unregister line discipline (err = %d)\n";
1021
1022static void __exit mkiss_exit_driver(void)
1023{
1024 int ret;
1025
1026 if ((ret = tty_unregister_ldisc(N_AX25)))
1027 printk(msg_unregfail, ret);
1028}
1029
1030MODULE_AUTHOR("Ralf Baechle DL5RB <ralf@linux-mips.org>");
1031MODULE_DESCRIPTION("KISS driver for AX.25 over TTYs");
1032module_param(crc_force, int, 0);
1033MODULE_PARM_DESC(crc_force, "crc [0 = auto | 1 = none | 2 = flexnet | 3 = smack]");
1034MODULE_LICENSE("GPL");
1035MODULE_ALIAS_LDISC(N_AX25);
1036
1037module_init(mkiss_init_driver);
1038module_exit(mkiss_exit_driver);
1/*
2 * This program is free software; you can distribute it and/or modify it
3 * under the terms of the GNU General Public License (Version 2) as
4 * published by the Free Software Foundation.
5 *
6 * This program is distributed in the hope it will be useful, but WITHOUT
7 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
8 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
9 * for more details.
10 *
11 * You should have received a copy of the GNU General Public License along
12 * with this program; if not, write to the Free Software Foundation, Inc.,
13 * 59 Temple Place - Suite 330, Boston MA 02111-1307, USA.
14 *
15 * Copyright (C) Hans Alblas PE1AYX <hans@esrac.ele.tue.nl>
16 * Copyright (C) 2004, 05 Ralf Baechle DL5RB <ralf@linux-mips.org>
17 * Copyright (C) 2004, 05 Thomas Osterried DL9SAU <thomas@x-berg.in-berlin.de>
18 */
19#include <linux/module.h>
20#include <linux/bitops.h>
21#include <asm/uaccess.h>
22#include <linux/crc16.h>
23#include <linux/string.h>
24#include <linux/mm.h>
25#include <linux/interrupt.h>
26#include <linux/in.h>
27#include <linux/inet.h>
28#include <linux/slab.h>
29#include <linux/tty.h>
30#include <linux/errno.h>
31#include <linux/netdevice.h>
32#include <linux/major.h>
33#include <linux/init.h>
34#include <linux/rtnetlink.h>
35#include <linux/etherdevice.h>
36#include <linux/skbuff.h>
37#include <linux/if_arp.h>
38#include <linux/jiffies.h>
39#include <linux/compat.h>
40
41#include <net/ax25.h>
42
43#define AX_MTU 236
44
45/* SLIP/KISS protocol characters. */
46#define END 0300 /* indicates end of frame */
47#define ESC 0333 /* indicates byte stuffing */
48#define ESC_END 0334 /* ESC ESC_END means END 'data' */
49#define ESC_ESC 0335 /* ESC ESC_ESC means ESC 'data' */
50
51struct mkiss {
52 struct tty_struct *tty; /* ptr to TTY structure */
53 struct net_device *dev; /* easy for intr handling */
54
55 /* These are pointers to the malloc()ed frame buffers. */
56 spinlock_t buflock;/* lock for rbuf and xbuf */
57 unsigned char *rbuff; /* receiver buffer */
58 int rcount; /* received chars counter */
59 unsigned char *xbuff; /* transmitter buffer */
60 unsigned char *xhead; /* pointer to next byte to XMIT */
61 int xleft; /* bytes left in XMIT queue */
62
63 /* Detailed SLIP statistics. */
64 int mtu; /* Our mtu (to spot changes!) */
65 int buffsize; /* Max buffers sizes */
66
67 unsigned long flags; /* Flag values/ mode etc */
68 /* long req'd: used by set_bit --RR */
69#define AXF_INUSE 0 /* Channel in use */
70#define AXF_ESCAPE 1 /* ESC received */
71#define AXF_ERROR 2 /* Parity, etc. error */
72#define AXF_KEEPTEST 3 /* Keepalive test flag */
73#define AXF_OUTWAIT 4 /* is outpacket was flag */
74
75 int mode;
76 int crcmode; /* MW: for FlexNet, SMACK etc. */
77 int crcauto; /* CRC auto mode */
78
79#define CRC_MODE_NONE 0
80#define CRC_MODE_FLEX 1
81#define CRC_MODE_SMACK 2
82#define CRC_MODE_FLEX_TEST 3
83#define CRC_MODE_SMACK_TEST 4
84
85 atomic_t refcnt;
86 struct semaphore dead_sem;
87};
88
89/*---------------------------------------------------------------------------*/
90
91static const unsigned short crc_flex_table[] = {
92 0x0f87, 0x1e0e, 0x2c95, 0x3d1c, 0x49a3, 0x582a, 0x6ab1, 0x7b38,
93 0x83cf, 0x9246, 0xa0dd, 0xb154, 0xc5eb, 0xd462, 0xe6f9, 0xf770,
94 0x1f06, 0x0e8f, 0x3c14, 0x2d9d, 0x5922, 0x48ab, 0x7a30, 0x6bb9,
95 0x934e, 0x82c7, 0xb05c, 0xa1d5, 0xd56a, 0xc4e3, 0xf678, 0xe7f1,
96 0x2e85, 0x3f0c, 0x0d97, 0x1c1e, 0x68a1, 0x7928, 0x4bb3, 0x5a3a,
97 0xa2cd, 0xb344, 0x81df, 0x9056, 0xe4e9, 0xf560, 0xc7fb, 0xd672,
98 0x3e04, 0x2f8d, 0x1d16, 0x0c9f, 0x7820, 0x69a9, 0x5b32, 0x4abb,
99 0xb24c, 0xa3c5, 0x915e, 0x80d7, 0xf468, 0xe5e1, 0xd77a, 0xc6f3,
100 0x4d83, 0x5c0a, 0x6e91, 0x7f18, 0x0ba7, 0x1a2e, 0x28b5, 0x393c,
101 0xc1cb, 0xd042, 0xe2d9, 0xf350, 0x87ef, 0x9666, 0xa4fd, 0xb574,
102 0x5d02, 0x4c8b, 0x7e10, 0x6f99, 0x1b26, 0x0aaf, 0x3834, 0x29bd,
103 0xd14a, 0xc0c3, 0xf258, 0xe3d1, 0x976e, 0x86e7, 0xb47c, 0xa5f5,
104 0x6c81, 0x7d08, 0x4f93, 0x5e1a, 0x2aa5, 0x3b2c, 0x09b7, 0x183e,
105 0xe0c9, 0xf140, 0xc3db, 0xd252, 0xa6ed, 0xb764, 0x85ff, 0x9476,
106 0x7c00, 0x6d89, 0x5f12, 0x4e9b, 0x3a24, 0x2bad, 0x1936, 0x08bf,
107 0xf048, 0xe1c1, 0xd35a, 0xc2d3, 0xb66c, 0xa7e5, 0x957e, 0x84f7,
108 0x8b8f, 0x9a06, 0xa89d, 0xb914, 0xcdab, 0xdc22, 0xeeb9, 0xff30,
109 0x07c7, 0x164e, 0x24d5, 0x355c, 0x41e3, 0x506a, 0x62f1, 0x7378,
110 0x9b0e, 0x8a87, 0xb81c, 0xa995, 0xdd2a, 0xcca3, 0xfe38, 0xefb1,
111 0x1746, 0x06cf, 0x3454, 0x25dd, 0x5162, 0x40eb, 0x7270, 0x63f9,
112 0xaa8d, 0xbb04, 0x899f, 0x9816, 0xeca9, 0xfd20, 0xcfbb, 0xde32,
113 0x26c5, 0x374c, 0x05d7, 0x145e, 0x60e1, 0x7168, 0x43f3, 0x527a,
114 0xba0c, 0xab85, 0x991e, 0x8897, 0xfc28, 0xeda1, 0xdf3a, 0xceb3,
115 0x3644, 0x27cd, 0x1556, 0x04df, 0x7060, 0x61e9, 0x5372, 0x42fb,
116 0xc98b, 0xd802, 0xea99, 0xfb10, 0x8faf, 0x9e26, 0xacbd, 0xbd34,
117 0x45c3, 0x544a, 0x66d1, 0x7758, 0x03e7, 0x126e, 0x20f5, 0x317c,
118 0xd90a, 0xc883, 0xfa18, 0xeb91, 0x9f2e, 0x8ea7, 0xbc3c, 0xadb5,
119 0x5542, 0x44cb, 0x7650, 0x67d9, 0x1366, 0x02ef, 0x3074, 0x21fd,
120 0xe889, 0xf900, 0xcb9b, 0xda12, 0xaead, 0xbf24, 0x8dbf, 0x9c36,
121 0x64c1, 0x7548, 0x47d3, 0x565a, 0x22e5, 0x336c, 0x01f7, 0x107e,
122 0xf808, 0xe981, 0xdb1a, 0xca93, 0xbe2c, 0xafa5, 0x9d3e, 0x8cb7,
123 0x7440, 0x65c9, 0x5752, 0x46db, 0x3264, 0x23ed, 0x1176, 0x00ff
124};
125
126static unsigned short calc_crc_flex(unsigned char *cp, int size)
127{
128 unsigned short crc = 0xffff;
129
130 while (size--)
131 crc = (crc << 8) ^ crc_flex_table[((crc >> 8) ^ *cp++) & 0xff];
132
133 return crc;
134}
135
136static int check_crc_flex(unsigned char *cp, int size)
137{
138 unsigned short crc = 0xffff;
139
140 if (size < 3)
141 return -1;
142
143 while (size--)
144 crc = (crc << 8) ^ crc_flex_table[((crc >> 8) ^ *cp++) & 0xff];
145
146 if ((crc & 0xffff) != 0x7070)
147 return -1;
148
149 return 0;
150}
151
152static int check_crc_16(unsigned char *cp, int size)
153{
154 unsigned short crc = 0x0000;
155
156 if (size < 3)
157 return -1;
158
159 crc = crc16(0, cp, size);
160
161 if (crc != 0x0000)
162 return -1;
163
164 return 0;
165}
166
167/*
168 * Standard encapsulation
169 */
170
171static int kiss_esc(unsigned char *s, unsigned char *d, int len)
172{
173 unsigned char *ptr = d;
174 unsigned char c;
175
176 /*
177 * Send an initial END character to flush out any data that may have
178 * accumulated in the receiver due to line noise.
179 */
180
181 *ptr++ = END;
182
183 while (len-- > 0) {
184 switch (c = *s++) {
185 case END:
186 *ptr++ = ESC;
187 *ptr++ = ESC_END;
188 break;
189 case ESC:
190 *ptr++ = ESC;
191 *ptr++ = ESC_ESC;
192 break;
193 default:
194 *ptr++ = c;
195 break;
196 }
197 }
198
199 *ptr++ = END;
200
201 return ptr - d;
202}
203
204/*
205 * MW:
206 * OK its ugly, but tell me a better solution without copying the
207 * packet to a temporary buffer :-)
208 */
209static int kiss_esc_crc(unsigned char *s, unsigned char *d, unsigned short crc,
210 int len)
211{
212 unsigned char *ptr = d;
213 unsigned char c=0;
214
215 *ptr++ = END;
216 while (len > 0) {
217 if (len > 2)
218 c = *s++;
219 else if (len > 1)
220 c = crc >> 8;
221 else if (len > 0)
222 c = crc & 0xff;
223
224 len--;
225
226 switch (c) {
227 case END:
228 *ptr++ = ESC;
229 *ptr++ = ESC_END;
230 break;
231 case ESC:
232 *ptr++ = ESC;
233 *ptr++ = ESC_ESC;
234 break;
235 default:
236 *ptr++ = c;
237 break;
238 }
239 }
240 *ptr++ = END;
241
242 return ptr - d;
243}
244
245/* Send one completely decapsulated AX.25 packet to the AX.25 layer. */
246static void ax_bump(struct mkiss *ax)
247{
248 struct sk_buff *skb;
249 int count;
250
251 spin_lock_bh(&ax->buflock);
252 if (ax->rbuff[0] > 0x0f) {
253 if (ax->rbuff[0] & 0x80) {
254 if (check_crc_16(ax->rbuff, ax->rcount) < 0) {
255 ax->dev->stats.rx_errors++;
256 spin_unlock_bh(&ax->buflock);
257
258 return;
259 }
260 if (ax->crcmode != CRC_MODE_SMACK && ax->crcauto) {
261 printk(KERN_INFO
262 "mkiss: %s: Switching to crc-smack\n",
263 ax->dev->name);
264 ax->crcmode = CRC_MODE_SMACK;
265 }
266 ax->rcount -= 2;
267 *ax->rbuff &= ~0x80;
268 } else if (ax->rbuff[0] & 0x20) {
269 if (check_crc_flex(ax->rbuff, ax->rcount) < 0) {
270 ax->dev->stats.rx_errors++;
271 spin_unlock_bh(&ax->buflock);
272 return;
273 }
274 if (ax->crcmode != CRC_MODE_FLEX && ax->crcauto) {
275 printk(KERN_INFO
276 "mkiss: %s: Switching to crc-flexnet\n",
277 ax->dev->name);
278 ax->crcmode = CRC_MODE_FLEX;
279 }
280 ax->rcount -= 2;
281
282 /*
283 * dl9sau bugfix: the trailling two bytes flexnet crc
284 * will not be passed to the kernel. thus we have to
285 * correct the kissparm signature, because it indicates
286 * a crc but there's none
287 */
288 *ax->rbuff &= ~0x20;
289 }
290 }
291
292 count = ax->rcount;
293
294 if ((skb = dev_alloc_skb(count)) == NULL) {
295 printk(KERN_ERR "mkiss: %s: memory squeeze, dropping packet.\n",
296 ax->dev->name);
297 ax->dev->stats.rx_dropped++;
298 spin_unlock_bh(&ax->buflock);
299 return;
300 }
301
302 memcpy(skb_put(skb,count), ax->rbuff, count);
303 skb->protocol = ax25_type_trans(skb, ax->dev);
304 netif_rx(skb);
305 ax->dev->stats.rx_packets++;
306 ax->dev->stats.rx_bytes += count;
307 spin_unlock_bh(&ax->buflock);
308}
309
310static void kiss_unesc(struct mkiss *ax, unsigned char s)
311{
312 switch (s) {
313 case END:
314 /* drop keeptest bit = VSV */
315 if (test_bit(AXF_KEEPTEST, &ax->flags))
316 clear_bit(AXF_KEEPTEST, &ax->flags);
317
318 if (!test_and_clear_bit(AXF_ERROR, &ax->flags) && (ax->rcount > 2))
319 ax_bump(ax);
320
321 clear_bit(AXF_ESCAPE, &ax->flags);
322 ax->rcount = 0;
323 return;
324
325 case ESC:
326 set_bit(AXF_ESCAPE, &ax->flags);
327 return;
328 case ESC_ESC:
329 if (test_and_clear_bit(AXF_ESCAPE, &ax->flags))
330 s = ESC;
331 break;
332 case ESC_END:
333 if (test_and_clear_bit(AXF_ESCAPE, &ax->flags))
334 s = END;
335 break;
336 }
337
338 spin_lock_bh(&ax->buflock);
339 if (!test_bit(AXF_ERROR, &ax->flags)) {
340 if (ax->rcount < ax->buffsize) {
341 ax->rbuff[ax->rcount++] = s;
342 spin_unlock_bh(&ax->buflock);
343 return;
344 }
345
346 ax->dev->stats.rx_over_errors++;
347 set_bit(AXF_ERROR, &ax->flags);
348 }
349 spin_unlock_bh(&ax->buflock);
350}
351
352static int ax_set_mac_address(struct net_device *dev, void *addr)
353{
354 struct sockaddr_ax25 *sa = addr;
355
356 netif_tx_lock_bh(dev);
357 netif_addr_lock(dev);
358 memcpy(dev->dev_addr, &sa->sax25_call, AX25_ADDR_LEN);
359 netif_addr_unlock(dev);
360 netif_tx_unlock_bh(dev);
361
362 return 0;
363}
364
365/*---------------------------------------------------------------------------*/
366
367static void ax_changedmtu(struct mkiss *ax)
368{
369 struct net_device *dev = ax->dev;
370 unsigned char *xbuff, *rbuff, *oxbuff, *orbuff;
371 int len;
372
373 len = dev->mtu * 2;
374
375 /*
376 * allow for arrival of larger UDP packets, even if we say not to
377 * also fixes a bug in which SunOS sends 512-byte packets even with
378 * an MSS of 128
379 */
380 if (len < 576 * 2)
381 len = 576 * 2;
382
383 xbuff = kmalloc(len + 4, GFP_ATOMIC);
384 rbuff = kmalloc(len + 4, GFP_ATOMIC);
385
386 if (xbuff == NULL || rbuff == NULL) {
387 printk(KERN_ERR "mkiss: %s: unable to grow ax25 buffers, "
388 "MTU change cancelled.\n",
389 ax->dev->name);
390 dev->mtu = ax->mtu;
391 kfree(xbuff);
392 kfree(rbuff);
393 return;
394 }
395
396 spin_lock_bh(&ax->buflock);
397
398 oxbuff = ax->xbuff;
399 ax->xbuff = xbuff;
400 orbuff = ax->rbuff;
401 ax->rbuff = rbuff;
402
403 if (ax->xleft) {
404 if (ax->xleft <= len) {
405 memcpy(ax->xbuff, ax->xhead, ax->xleft);
406 } else {
407 ax->xleft = 0;
408 dev->stats.tx_dropped++;
409 }
410 }
411
412 ax->xhead = ax->xbuff;
413
414 if (ax->rcount) {
415 if (ax->rcount <= len) {
416 memcpy(ax->rbuff, orbuff, ax->rcount);
417 } else {
418 ax->rcount = 0;
419 dev->stats.rx_over_errors++;
420 set_bit(AXF_ERROR, &ax->flags);
421 }
422 }
423
424 ax->mtu = dev->mtu + 73;
425 ax->buffsize = len;
426
427 spin_unlock_bh(&ax->buflock);
428
429 kfree(oxbuff);
430 kfree(orbuff);
431}
432
433/* Encapsulate one AX.25 packet and stuff into a TTY queue. */
434static void ax_encaps(struct net_device *dev, unsigned char *icp, int len)
435{
436 struct mkiss *ax = netdev_priv(dev);
437 unsigned char *p;
438 int actual, count;
439
440 if (ax->mtu != ax->dev->mtu + 73) /* Someone has been ifconfigging */
441 ax_changedmtu(ax);
442
443 if (len > ax->mtu) { /* Sigh, shouldn't occur BUT ... */
444 len = ax->mtu;
445 printk(KERN_ERR "mkiss: %s: truncating oversized transmit packet!\n", ax->dev->name);
446 dev->stats.tx_dropped++;
447 netif_start_queue(dev);
448 return;
449 }
450
451 p = icp;
452
453 spin_lock_bh(&ax->buflock);
454 if ((*p & 0x0f) != 0) {
455 /* Configuration Command (kissparms(1).
456 * Protocol spec says: never append CRC.
457 * This fixes a very old bug in the linux
458 * kiss driver. -- dl9sau */
459 switch (*p & 0xff) {
460 case 0x85:
461 /* command from userspace especially for us,
462 * not for delivery to the tnc */
463 if (len > 1) {
464 int cmd = (p[1] & 0xff);
465 switch(cmd) {
466 case 3:
467 ax->crcmode = CRC_MODE_SMACK;
468 break;
469 case 2:
470 ax->crcmode = CRC_MODE_FLEX;
471 break;
472 case 1:
473 ax->crcmode = CRC_MODE_NONE;
474 break;
475 case 0:
476 default:
477 ax->crcmode = CRC_MODE_SMACK_TEST;
478 cmd = 0;
479 }
480 ax->crcauto = (cmd ? 0 : 1);
481 printk(KERN_INFO "mkiss: %s: crc mode %s %d\n", ax->dev->name, (len) ? "set to" : "is", cmd);
482 }
483 spin_unlock_bh(&ax->buflock);
484 netif_start_queue(dev);
485
486 return;
487 default:
488 count = kiss_esc(p, (unsigned char *)ax->xbuff, len);
489 }
490 } else {
491 unsigned short crc;
492 switch (ax->crcmode) {
493 case CRC_MODE_SMACK_TEST:
494 ax->crcmode = CRC_MODE_FLEX_TEST;
495 printk(KERN_INFO "mkiss: %s: Trying crc-smack\n", ax->dev->name);
496 // fall through
497 case CRC_MODE_SMACK:
498 *p |= 0x80;
499 crc = swab16(crc16(0, p, len));
500 count = kiss_esc_crc(p, (unsigned char *)ax->xbuff, crc, len+2);
501 break;
502 case CRC_MODE_FLEX_TEST:
503 ax->crcmode = CRC_MODE_NONE;
504 printk(KERN_INFO "mkiss: %s: Trying crc-flexnet\n", ax->dev->name);
505 // fall through
506 case CRC_MODE_FLEX:
507 *p |= 0x20;
508 crc = calc_crc_flex(p, len);
509 count = kiss_esc_crc(p, (unsigned char *)ax->xbuff, crc, len+2);
510 break;
511
512 default:
513 count = kiss_esc(p, (unsigned char *)ax->xbuff, len);
514 }
515 }
516 spin_unlock_bh(&ax->buflock);
517
518 set_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
519 actual = ax->tty->ops->write(ax->tty, ax->xbuff, count);
520 dev->stats.tx_packets++;
521 dev->stats.tx_bytes += actual;
522
523 ax->dev->trans_start = jiffies;
524 ax->xleft = count - actual;
525 ax->xhead = ax->xbuff + actual;
526}
527
528/* Encapsulate an AX.25 packet and kick it into a TTY queue. */
529static netdev_tx_t ax_xmit(struct sk_buff *skb, struct net_device *dev)
530{
531 struct mkiss *ax = netdev_priv(dev);
532
533 if (!netif_running(dev)) {
534 printk(KERN_ERR "mkiss: %s: xmit call when iface is down\n", dev->name);
535 return NETDEV_TX_BUSY;
536 }
537
538 if (netif_queue_stopped(dev)) {
539 /*
540 * May be we must check transmitter timeout here ?
541 * 14 Oct 1994 Dmitry Gorodchanin.
542 */
543 if (time_before(jiffies, dev->trans_start + 20 * HZ)) {
544 /* 20 sec timeout not reached */
545 return NETDEV_TX_BUSY;
546 }
547
548 printk(KERN_ERR "mkiss: %s: transmit timed out, %s?\n", dev->name,
549 (tty_chars_in_buffer(ax->tty) || ax->xleft) ?
550 "bad line quality" : "driver error");
551
552 ax->xleft = 0;
553 clear_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
554 netif_start_queue(dev);
555 }
556
557 /* We were not busy, so we are now... :-) */
558 if (skb != NULL) {
559 netif_stop_queue(dev);
560 ax_encaps(dev, skb->data, skb->len);
561 kfree_skb(skb);
562 }
563
564 return NETDEV_TX_OK;
565}
566
567static int ax_open_dev(struct net_device *dev)
568{
569 struct mkiss *ax = netdev_priv(dev);
570
571 if (ax->tty == NULL)
572 return -ENODEV;
573
574 return 0;
575}
576
577#if defined(CONFIG_AX25) || defined(CONFIG_AX25_MODULE)
578
579/* Return the frame type ID */
580static int ax_header(struct sk_buff *skb, struct net_device *dev,
581 unsigned short type, const void *daddr,
582 const void *saddr, unsigned len)
583{
584#ifdef CONFIG_INET
585 if (type != ETH_P_AX25)
586 return ax25_hard_header(skb, dev, type, daddr, saddr, len);
587#endif
588 return 0;
589}
590
591
592static int ax_rebuild_header(struct sk_buff *skb)
593{
594#ifdef CONFIG_INET
595 return ax25_rebuild_header(skb);
596#else
597 return 0;
598#endif
599}
600
601#endif /* CONFIG_{AX25,AX25_MODULE} */
602
603/* Open the low-level part of the AX25 channel. Easy! */
604static int ax_open(struct net_device *dev)
605{
606 struct mkiss *ax = netdev_priv(dev);
607 unsigned long len;
608
609 if (ax->tty == NULL)
610 return -ENODEV;
611
612 /*
613 * Allocate the frame buffers:
614 *
615 * rbuff Receive buffer.
616 * xbuff Transmit buffer.
617 */
618 len = dev->mtu * 2;
619
620 /*
621 * allow for arrival of larger UDP packets, even if we say not to
622 * also fixes a bug in which SunOS sends 512-byte packets even with
623 * an MSS of 128
624 */
625 if (len < 576 * 2)
626 len = 576 * 2;
627
628 if ((ax->rbuff = kmalloc(len + 4, GFP_KERNEL)) == NULL)
629 goto norbuff;
630
631 if ((ax->xbuff = kmalloc(len + 4, GFP_KERNEL)) == NULL)
632 goto noxbuff;
633
634 ax->mtu = dev->mtu + 73;
635 ax->buffsize = len;
636 ax->rcount = 0;
637 ax->xleft = 0;
638
639 ax->flags &= (1 << AXF_INUSE); /* Clear ESCAPE & ERROR flags */
640
641 spin_lock_init(&ax->buflock);
642
643 return 0;
644
645noxbuff:
646 kfree(ax->rbuff);
647
648norbuff:
649 return -ENOMEM;
650}
651
652
653/* Close the low-level part of the AX25 channel. Easy! */
654static int ax_close(struct net_device *dev)
655{
656 struct mkiss *ax = netdev_priv(dev);
657
658 if (ax->tty)
659 clear_bit(TTY_DO_WRITE_WAKEUP, &ax->tty->flags);
660
661 netif_stop_queue(dev);
662
663 return 0;
664}
665
666static const struct header_ops ax_header_ops = {
667 .create = ax_header,
668 .rebuild = ax_rebuild_header,
669};
670
671static const struct net_device_ops ax_netdev_ops = {
672 .ndo_open = ax_open_dev,
673 .ndo_stop = ax_close,
674 .ndo_start_xmit = ax_xmit,
675 .ndo_set_mac_address = ax_set_mac_address,
676};
677
678static void ax_setup(struct net_device *dev)
679{
680 /* Finish setting up the DEVICE info. */
681 dev->mtu = AX_MTU;
682 dev->hard_header_len = 0;
683 dev->addr_len = 0;
684 dev->type = ARPHRD_AX25;
685 dev->tx_queue_len = 10;
686 dev->header_ops = &ax_header_ops;
687 dev->netdev_ops = &ax_netdev_ops;
688
689
690 memcpy(dev->broadcast, &ax25_bcast, AX25_ADDR_LEN);
691 memcpy(dev->dev_addr, &ax25_defaddr, AX25_ADDR_LEN);
692
693 dev->flags = IFF_BROADCAST | IFF_MULTICAST;
694}
695
696/*
697 * We have a potential race on dereferencing tty->disc_data, because the tty
698 * layer provides no locking at all - thus one cpu could be running
699 * sixpack_receive_buf while another calls sixpack_close, which zeroes
700 * tty->disc_data and frees the memory that sixpack_receive_buf is using. The
701 * best way to fix this is to use a rwlock in the tty struct, but for now we
702 * use a single global rwlock for all ttys in ppp line discipline.
703 */
704static DEFINE_RWLOCK(disc_data_lock);
705
706static struct mkiss *mkiss_get(struct tty_struct *tty)
707{
708 struct mkiss *ax;
709
710 read_lock(&disc_data_lock);
711 ax = tty->disc_data;
712 if (ax)
713 atomic_inc(&ax->refcnt);
714 read_unlock(&disc_data_lock);
715
716 return ax;
717}
718
719static void mkiss_put(struct mkiss *ax)
720{
721 if (atomic_dec_and_test(&ax->refcnt))
722 up(&ax->dead_sem);
723}
724
725static int crc_force = 0; /* Can be overridden with insmod */
726
727static int mkiss_open(struct tty_struct *tty)
728{
729 struct net_device *dev;
730 struct mkiss *ax;
731 int err;
732
733 if (!capable(CAP_NET_ADMIN))
734 return -EPERM;
735 if (tty->ops->write == NULL)
736 return -EOPNOTSUPP;
737
738 dev = alloc_netdev(sizeof(struct mkiss), "ax%d", ax_setup);
739 if (!dev) {
740 err = -ENOMEM;
741 goto out;
742 }
743
744 ax = netdev_priv(dev);
745 ax->dev = dev;
746
747 spin_lock_init(&ax->buflock);
748 atomic_set(&ax->refcnt, 1);
749 sema_init(&ax->dead_sem, 0);
750
751 ax->tty = tty;
752 tty->disc_data = ax;
753 tty->receive_room = 65535;
754
755 tty_driver_flush_buffer(tty);
756
757 /* Restore default settings */
758 dev->type = ARPHRD_AX25;
759
760 /* Perform the low-level AX25 initialization. */
761 if ((err = ax_open(ax->dev))) {
762 goto out_free_netdev;
763 }
764
765 if (register_netdev(dev))
766 goto out_free_buffers;
767
768 /* after register_netdev() - because else printk smashes the kernel */
769 switch (crc_force) {
770 case 3:
771 ax->crcmode = CRC_MODE_SMACK;
772 printk(KERN_INFO "mkiss: %s: crc mode smack forced.\n",
773 ax->dev->name);
774 break;
775 case 2:
776 ax->crcmode = CRC_MODE_FLEX;
777 printk(KERN_INFO "mkiss: %s: crc mode flexnet forced.\n",
778 ax->dev->name);
779 break;
780 case 1:
781 ax->crcmode = CRC_MODE_NONE;
782 printk(KERN_INFO "mkiss: %s: crc mode disabled.\n",
783 ax->dev->name);
784 break;
785 case 0:
786 /* fall through */
787 default:
788 crc_force = 0;
789 printk(KERN_INFO "mkiss: %s: crc mode is auto.\n",
790 ax->dev->name);
791 ax->crcmode = CRC_MODE_SMACK_TEST;
792 }
793 ax->crcauto = (crc_force ? 0 : 1);
794
795 netif_start_queue(dev);
796
797 /* Done. We have linked the TTY line to a channel. */
798 return 0;
799
800out_free_buffers:
801 kfree(ax->rbuff);
802 kfree(ax->xbuff);
803
804out_free_netdev:
805 free_netdev(dev);
806
807out:
808 return err;
809}
810
811static void mkiss_close(struct tty_struct *tty)
812{
813 struct mkiss *ax;
814
815 write_lock_bh(&disc_data_lock);
816 ax = tty->disc_data;
817 tty->disc_data = NULL;
818 write_unlock_bh(&disc_data_lock);
819
820 if (!ax)
821 return;
822
823 /*
824 * We have now ensured that nobody can start using ap from now on, but
825 * we have to wait for all existing users to finish.
826 */
827 if (!atomic_dec_and_test(&ax->refcnt))
828 down(&ax->dead_sem);
829
830 unregister_netdev(ax->dev);
831
832 /* Free all AX25 frame buffers. */
833 kfree(ax->rbuff);
834 kfree(ax->xbuff);
835
836 ax->tty = NULL;
837}
838
839/* Perform I/O control on an active ax25 channel. */
840static int mkiss_ioctl(struct tty_struct *tty, struct file *file,
841 unsigned int cmd, unsigned long arg)
842{
843 struct mkiss *ax = mkiss_get(tty);
844 struct net_device *dev;
845 unsigned int tmp, err;
846
847 /* First make sure we're connected. */
848 if (ax == NULL)
849 return -ENXIO;
850 dev = ax->dev;
851
852 switch (cmd) {
853 case SIOCGIFNAME:
854 err = copy_to_user((void __user *) arg, ax->dev->name,
855 strlen(ax->dev->name) + 1) ? -EFAULT : 0;
856 break;
857
858 case SIOCGIFENCAP:
859 err = put_user(4, (int __user *) arg);
860 break;
861
862 case SIOCSIFENCAP:
863 if (get_user(tmp, (int __user *) arg)) {
864 err = -EFAULT;
865 break;
866 }
867
868 ax->mode = tmp;
869 dev->addr_len = AX25_ADDR_LEN;
870 dev->hard_header_len = AX25_KISS_HEADER_LEN +
871 AX25_MAX_HEADER_LEN + 3;
872 dev->type = ARPHRD_AX25;
873
874 err = 0;
875 break;
876
877 case SIOCSIFHWADDR: {
878 char addr[AX25_ADDR_LEN];
879
880 if (copy_from_user(&addr,
881 (void __user *) arg, AX25_ADDR_LEN)) {
882 err = -EFAULT;
883 break;
884 }
885
886 netif_tx_lock_bh(dev);
887 memcpy(dev->dev_addr, addr, AX25_ADDR_LEN);
888 netif_tx_unlock_bh(dev);
889
890 err = 0;
891 break;
892 }
893 default:
894 err = -ENOIOCTLCMD;
895 }
896
897 mkiss_put(ax);
898
899 return err;
900}
901
902#ifdef CONFIG_COMPAT
903static long mkiss_compat_ioctl(struct tty_struct *tty, struct file *file,
904 unsigned int cmd, unsigned long arg)
905{
906 switch (cmd) {
907 case SIOCGIFNAME:
908 case SIOCGIFENCAP:
909 case SIOCSIFENCAP:
910 case SIOCSIFHWADDR:
911 return mkiss_ioctl(tty, file, cmd,
912 (unsigned long)compat_ptr(arg));
913 }
914
915 return -ENOIOCTLCMD;
916}
917#endif
918
919/*
920 * Handle the 'receiver data ready' interrupt.
921 * This function is called by the 'tty_io' module in the kernel when
922 * a block of data has been received, which can now be decapsulated
923 * and sent on to the AX.25 layer for further processing.
924 */
925static void mkiss_receive_buf(struct tty_struct *tty, const unsigned char *cp,
926 char *fp, int count)
927{
928 struct mkiss *ax = mkiss_get(tty);
929
930 if (!ax)
931 return;
932
933 /*
934 * Argh! mtu change time! - costs us the packet part received
935 * at the change
936 */
937 if (ax->mtu != ax->dev->mtu + 73)
938 ax_changedmtu(ax);
939
940 /* Read the characters out of the buffer */
941 while (count--) {
942 if (fp != NULL && *fp++) {
943 if (!test_and_set_bit(AXF_ERROR, &ax->flags))
944 ax->dev->stats.rx_errors++;
945 cp++;
946 continue;
947 }
948
949 kiss_unesc(ax, *cp++);
950 }
951
952 mkiss_put(ax);
953 tty_unthrottle(tty);
954}
955
956/*
957 * Called by the driver when there's room for more data. If we have
958 * more packets to send, we send them here.
959 */
960static void mkiss_write_wakeup(struct tty_struct *tty)
961{
962 struct mkiss *ax = mkiss_get(tty);
963 int actual;
964
965 if (!ax)
966 return;
967
968 if (ax->xleft <= 0) {
969 /* Now serial buffer is almost free & we can start
970 * transmission of another packet
971 */
972 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
973
974 netif_wake_queue(ax->dev);
975 goto out;
976 }
977
978 actual = tty->ops->write(tty, ax->xhead, ax->xleft);
979 ax->xleft -= actual;
980 ax->xhead += actual;
981
982out:
983 mkiss_put(ax);
984}
985
986static struct tty_ldisc_ops ax_ldisc = {
987 .owner = THIS_MODULE,
988 .magic = TTY_LDISC_MAGIC,
989 .name = "mkiss",
990 .open = mkiss_open,
991 .close = mkiss_close,
992 .ioctl = mkiss_ioctl,
993#ifdef CONFIG_COMPAT
994 .compat_ioctl = mkiss_compat_ioctl,
995#endif
996 .receive_buf = mkiss_receive_buf,
997 .write_wakeup = mkiss_write_wakeup
998};
999
1000static const char banner[] __initdata = KERN_INFO \
1001 "mkiss: AX.25 Multikiss, Hans Albas PE1AYX\n";
1002static const char msg_regfail[] __initdata = KERN_ERR \
1003 "mkiss: can't register line discipline (err = %d)\n";
1004
1005static int __init mkiss_init_driver(void)
1006{
1007 int status;
1008
1009 printk(banner);
1010
1011 status = tty_register_ldisc(N_AX25, &ax_ldisc);
1012 if (status != 0)
1013 printk(msg_regfail, status);
1014
1015 return status;
1016}
1017
1018static const char msg_unregfail[] __exitdata = KERN_ERR \
1019 "mkiss: can't unregister line discipline (err = %d)\n";
1020
1021static void __exit mkiss_exit_driver(void)
1022{
1023 int ret;
1024
1025 if ((ret = tty_unregister_ldisc(N_AX25)))
1026 printk(msg_unregfail, ret);
1027}
1028
1029MODULE_AUTHOR("Ralf Baechle DL5RB <ralf@linux-mips.org>");
1030MODULE_DESCRIPTION("KISS driver for AX.25 over TTYs");
1031module_param(crc_force, int, 0);
1032MODULE_PARM_DESC(crc_force, "crc [0 = auto | 1 = none | 2 = flexnet | 3 = smack]");
1033MODULE_LICENSE("GPL");
1034MODULE_ALIAS_LDISC(N_AX25);
1035
1036module_init(mkiss_init_driver);
1037module_exit(mkiss_exit_driver);